Notifications
Clear all
Topic starter
09/06/2026 11:55 pm
TL;DR: Agentic AI is lowering the cost of fraud at the same time it increases attacker speed, with Deloitte projecting US AI-facilitated fraud losses will reach $40 billion by 2027, up from $12.3 billion in 2023, according to Deloitte’s Center for Financial Services. The security problem is no longer only detection, but whether fraud controls can make attacking economically irrational before scale becomes unmanageable.
NHIMG editorial — based on content published by Arkose Labs: Fraud Prevention, The Economics of Fraud Have Changed. Here’s Why
By the numbers:
- Deloitte’s Center for Financial Services projects that AI-facilitated fraud losses in the US will reach $40 billion by 2027, up from $12.3 billion in 2023.
- FraudGPT is available for $1,700 per year.
- Gartner predicts that by 2028, 25% of enterprise breaches will trace back to AI agent abuse.
Questions worth separating out
Q: How should security teams classify AI agent traffic in fraud prevention flows?
A: Security teams should classify AI agent traffic by intent and behaviour, not by whether automation is present.
Q: Why do agentic AI systems make fraud harder to stop with static rules?
A: Agentic AI systems can adapt their tactics faster than manual policy updates or fixed rules can respond.
Q: What do security teams get wrong about blocking bots and automation?
A: The common mistake is treating all automation as the same risk.
Practitioner guidance
- Classify agent traffic before enforcing policy Separate self-disclosing good agents, non-disclosing good agents, and malicious agents using behavioural and session context.
- Add friction where attackers spend time and compute Apply challenge and step-up controls at registration, login, payment, and API edges so repeated abuse becomes expensive.
- Build adaptive learning into enforcement Feed every session outcome into the detection model so new bypass patterns are incorporated quickly.
What's in the full article
Arkose Labs' full research covers the operational detail this post intentionally leaves for the source:
- The three-tier agent classification framework and how it is applied across real traffic patterns.
- The enforcement economics model behind challenge-based deterrence and why it changes attacker ROI.
- The architecture of Arkose Titan, including how detection, device intelligence, and challenge enforcement are combined.
- The series roadmap for the seven-part fraud prevention discussion and the specific technical follow-on topics.
👉 Read Arkose Labs' analysis of how agentic AI is changing fraud economics →
Agentic AI fraud economics: are your controls keeping up?
Explore further
10/06/2026 2:28 am
Agentic AI turns fraud prevention into an economics problem, not just a detection problem. When the cost of launching abuse falls faster than the cost of defending against it, the security model breaks at the incentive layer. Static blocking can still stop individual attempts, but it does not change the attacker’s business case. Practitioners should treat attacker ROI as a control objective, not a side effect.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: What should organisations measure if they want to know fraud controls are working?
A: Organisations should measure whether controls are increasing attacker cost, reducing campaign success rates, and forcing repeated abuse to become uneconomic. A control can reduce one attempt and still fail strategically if attackers can immediately retry at low cost. The right metric is not only detection, but deterrence.
👉 Read our full editorial: Agentic AI is changing the economics of fraud prevention
